Manual Reference Pages - OPENVAS-NVT-SYNC (8)

CONTENTS

The
OpenVAS Security Scanner performs several security checks, each of them being coded as an external
plugin coded in NASL. As new security holes are published every day, new
plugins appear on the OpenVAS site (www.openvas.org)
The script
openvas-nvt-sync will fetch all the newest security checks for you and install them at the proper
location. Once this is done you will need to either restart openvas-scanner(8)
or send a SIGHUP to its main process so that it loads the new checks and uses them
for new security scans.

openvas-nvt-sync uses rsync(1) and md5sum(1) to do its job. In order to download the
new plugins the machine where the script runs needs to have
access to rsync.openvas.org using the rsync protocol (TCP/UDP port 873).

If you are behind a web proxy you can configure rsync to use it through the
use of the RSYNC_PROXY environment variable. For more information see
rsync(1).

openvas-nvt-sync uses rsync(1) to retrieve the archive of the new plugins. The scripts
provided by the OpenVAS project might
not be signed. Consequently, if somewhere where to poison your DNS server and force this
script to retrieve NASL plugins on another site he would force
your OpenVAS server to execute NASL scripts when running security tests.
Even if this might not do much harm (see the NASL reference guide
for more information on that subject) you should be very careful
when doing this.